Thread: Passwords

Added to TODO:
* Encrpyt passwords in pg_shadow table using MD5

--  Bruce Momjian                        |  http://www.op.net/~candle pgman@candle.pha.pa.us               |  (610)
853-3000+  If your life is a hard drive,     |  830 Blythe Avenue +  Christ can be your backup.        |  Drexel Hill,
Pennsylvania19026
 

On Sat, 6 May 2000, Bruce Momjian wrote:

> Added to TODO:
> 
>     * Encrpyt passwords in pg_shadow table using MD5

Under FreeBSD, if you use crypt() for encrypting, and you are outside of
the 'export restricted area', you auto-get MD5 vs DES ... I think if DES
is available, it should be used over MD5, if we're doing this for security
reasons ...

My *understanding* is that MD5 is a half-way measure that is easier to
break then DES, which is why it isn't under the export restrictions ...


Marc G. Fournier                   ICQ#7615664               IRC Nick: Scrappy
Systems Administrator @ hub.org 
primary: scrappy@hub.org           secondary: scrappy@{freebsd|postgresql}.org 

On Sat, 6 May 2000, The Hermit Hacker wrote:

> My *understanding* is that MD5 is a half-way measure that is easier to
> break then DES, which is why it isn't under the export restrictions ...

There are a few misconceptions here:

1. DES is legal to export since March of this year, when USG relaxed
controls on crypto. Any software that is off-the-shelf or 'free as in
speech' is allowed to have DES code. Only requirement is that a copy of
software or a link to URL which contains software must be provided to BXA
office. 

2. MD5 was allowed to be exported because it is not a encryption
algorithm, and cannot be used as such. It is inherently one-way, therefore
the terrorists won't have any use to it. Or something like that ;)

-alex

on 5/6/00 9:54 PM, The Hermit Hacker at scrappy@hub.org wrote:

> My *understanding* is that MD5 is a half-way measure that is easier to
> break then DES, which is why it isn't under the export restrictions ...

No, MD5 only provides hashing. You can never "unhash" something, so you can
never use MD5 as a real encryption function (which would need to be
reversible if you ever want to decrypt your message). Thus, since MD5 does
not allow you to encrypt data, it doesn't fall under any export
restrictions. It is *very* hard, and most probably impossible to find
collisions in the MD5 hashing function (which would allow you to break the
password scheme based on it).

With a DES-based crypt command, you can actually reverse the process. Take
your "crypted" password, and decrypt it using DES and the cleartext password
as the key. You'll manage to get back to the original block of "0"s that you
started with. That's why DES is export-controlled...

-Ben

The Hermit Hacker writes:

> My *understanding* is that MD5 is a half-way measure that is easier to
> break then DES, which is why it isn't under the export restrictions ...

If you don't feel secure about MD5 you can always use SHA1. In fact you
might want to look at the mhash package which has a bunch of hashing
functions with a decent interface and it's under a BSD'ish license. At
least you can steal the implementation from there.

-- 
Peter Eisentraut                  Sernanders väg 10:115
peter_e@gmx.net                   75262 Uppsala
http://yi.org/peter-e/            Sweden

On Sun, 07 May 2000, Peter Eisentraut wrote:
> If you don't feel secure about MD5 you can always use SHA1. In fact you

I've read that SHA1 (Secure Hash Algorithm) is preferred over MD5 for new
applications.  MD5 should be used only if you need to maintain support for
applications which are already using it.  SHA1 is 160 bits while MD5 is 128
bits of output.
-- 
Robert B. Easter
reaster@comptechnews.com